jan/miniflux-legacy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add token for the bookmarklet

Browse Source
This commit is contained in:
Frédéric Guillot 2014-05-28 16:44:25 -04:00
parent 4071b2bd2b
commit 3e1229a4d1
5 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
controllers/feed.php
View File

@ -218,14 +218,19 @@ Router\get_action('add', function() {
// Add a feed with the form or directly from the url, it can be used by a bookmarklet by example
Router\action('subscribe', function() {
if (Request\param('url')) {
$values = array();
$url = Request\param('url');
}
else {
if (Request\is_post()) {
$values = Request\values();
$url = isset($values['url']) ? $values['url'] : '';
}
else {
$values = array();
$url = Request\param('url');
$token = Request\param('token');
if ($token !== Model\Config\get('bookmarklet_token')) {
Response\text('Access Forbidden', 403);
}
}
$values += array('download_content' => 0);
$url = trim($url);

6
models/config.php
View File

@ -8,7 +8,7 @@ use PicoDb\Database;
use PicoFeed\Config as ReaderConfig;
use PicoFeed\Logging;
const DB_VERSION = 25;
const DB_VERSION = 26;
const HTTP_USER_AGENT = 'Miniflux (http://miniflux.net)';
// Get PicoFeed config
@ -155,7 +155,7 @@ function get_nothing_to_read_redirections()
function generate_token()
{
if (function_exists('openssl_random_pseudo_bytes')) {
return bin2hex(\openssl_random_pseudo_bytes(16));
return bin2hex(\openssl_random_pseudo_bytes(25));
}
else if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
@ -170,6 +170,7 @@ function new_tokens()
$values = array(
'api_token' => generate_token(),
'feed_token' => generate_token(),
'bookmarklet_token' => generate_token(),
);
return Database::get('db')->table('config')->update($values);
@ -232,6 +233,7 @@ function get_all()
'theme',
'api_token',
'feed_token',
'bookmarklet_token',
'auth_google_token',
'auth_mozilla_token',
'items_sorting_direction',

6
models/schema.php
View File

@ -3,6 +3,12 @@
namespace Schema;
function version_26($pdo)
{
$pdo->exec('ALTER TABLE config ADD COLUMN bookmarklet_token TEXT DEFAULT "'.\Model\Config\generate_token().'"');
}
function version_25($pdo)
{
$pdo->exec(

2
templates/config.php
View File

@ -73,7 +73,7 @@
<ul>
<li>
<?= t('Bookmarklet:') ?>
<a href="javascript:location.href='<?= Helper\get_current_base_url() ?>?action=subscribe&amp;url='+encodeURIComponent(location.href)"><?= t('Subscribe with Miniflux') ?></a> (<?= t('Drag and drop this link to your bookmarks') ?>)
<a href="javascript:location.href='<?= Helper\get_current_base_url() ?>?action=subscribe&amp;token=<?= urlencode($values['bookmarklet_token']) ?>&amp;url='+encodeURIComponent(location.href)"><?= t('Subscribe with Miniflux') ?></a> (<?= t('Drag and drop this link to your bookmarks') ?>)
<li>
<?= t('Bookmarks RSS Feed:') ?>
<a href="<?= Helper\get_current_base_url().'?action=bookmark-feed&amp;token='.urlencode($values['feed_token']) ?>" target="_blank"><?= Helper\get_current_base_url().'?action=bookmark-feed&amp;token='.urlencode($values['feed_token']) ?></a>

6
vendor/PicoFarad/Request.php vendored
View File

@ -76,3 +76,9 @@ function file_move($field, $destination)
move_uploaded_file($_FILES[$field]['tmp_name'], $destination);
}
}
function is_post()
{
return isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
}